Keycloak Basics Tutorial Part 1

Captions
Hello, this is part one of a tutorial on the basics of Keycloak. It is targeted to Java developers. In part one you will secure two browser applications and one REST service. You will create a realm, roles, users, and role mappings for those users. Finally, you will register these applications and services within the Keycloak administration console.

Here is a picture of what our secure deployment will look like when we get done with this tutorial. We have two applications in this tutorial that make backend calls to a secured REST database. The customer portal is a simple web application that just displays a list of customers. The product portal is similar, but it displays a list of products. When the browser visits the customer portal site, the user will be redirected to the Keycloak server to log in. Once the user is logged in, they are redirected back to the customer portal. Customer portal obtains a token from the Keycloak server, from which it makes a secure background REST invocation to the database service to obtain the listing of customers, and then it displays it. Product portal works similarly, except that it's getting a product list from the backend database REST service.

So let's get to work. The first thing we're going to do is bring up the Keycloak server. What I've done is I've downloaded and extracted the Keycloak appliance distribution. This distribution contains a fully functional Keycloak server. If you go to the Keycloak appliance directory you'll see a few subdirectories. I'm in it right now, so let's do an ls here, and you see we have adapters, docs, examples, and keycloak. The server lives under this keycloak directory here, and the Keycloak server in this distribution is based on the WildFly application server, which is the community upstream project of JBoss. To bring up the server we'll go to the keycloak bin directory and we'll type standalone.sh and hit return. For those of you who have developed on WildFly or JBoss, this procedure will look very, very, very familiar to you.

Now that we have started the server, we need to go to the Keycloak administration console to set up the realm for our demo. Let's bring up a browser here. Okay, going to http://localhost:8080/auth will bring us to the Keycloak welcome page. From this page you have links to our documentation, our mailing lists, and other links to our community site, but the one we're interested in is going to the administration console, so let's click on that. This is the login page for the admin console. When it first boots up, out of the box, Keycloak will automatically create a master realm that is used to create application realms, and it also defines an admin user called admin with a default password of admin. When I enter this username and password I will be asked to change this admin password, so let me do that right now. admin, admin, click the login button here, and you see it says you need to change your password to activate your account. So let's do that, change it to something else. Whoops, I got an error here. I did not type in the confirmation of my new password correctly, so let's do it again. Hit submit.

This finally brings me to the admin console, and initially I'm brought to the master realm of the Keycloak server. This master realm is generally not used to secure your applications, but instead to manage access to the server itself. So what we want to do is create a brand new, fresh realm to build our demo in. To create a new realm I'll click the Add Realm button, which is at the top right corner of our UI. This brings me to the Add Realm page. There are two ways you can create a realm: you can import it from a JSON file by clicking this button here, or you can create a new, fresh, clean realm by specifying the name of the realm here and clicking submit. We're going to choose the latter option, and the name of our realm is going to be demo. So, demo here, I click Save, and now I have a new realm called demo. See, I can go back to the master realm if I need to, but we're going to be dealing with the demo realm.

Now that we have created our demo realm, we're going to create some realm-level roles for it. To do that we click on the Roles left menu item here to get to the realm-level roles page. Realm-level roles are permissions that span the entire realm, and for our demo our applications are going to need two roles to be created and defined, specifically a user role and an admin role. So let's create them. I'll click on the Add Role button here, specify a role name of user, description is "user privileges", see if I can spell it right, and click Save. You go back to the listing and you now see that the user role is defined. So add another role called admin, "admin privileges", save. Click the realm roles and you see we have our admin role defined there too.

Okay, the next thing we need to do is we're going to create a user that can actually log in and play with our demo, so we're going to go to the Users left side menu here. Okay, now that we have created our roles, we need to create some users, some users that can actually log in and view our applications. To do that we're going to click on the Users menu item here, and you see we're brought to the user list page, and we're going to click the Add User button. I'll specify a user name of bburke@redhat.com. My email will be the same thing. I'll put in my first name and my last name. An interesting thing about the admin console is that it has a bunch of tooltips. If you look at the information icon here, if you put your mouse over that you'll see a short description of what that particular menu item does. Anyway, we'll click Save here, and now I have a new user called bburke.

The next thing we need to do is assign a password to bburke, so we're going to click on the Credentials menu item here. There are two ways you can assign a password to a user. You can create a temporary password for them; in that case it'd be like when we first logged in to the admin console, we'll have to change the password when we first log in. Or you can create a permanent one, and we're going to create a permanent one. So we're going to click Temporary to be off, we're going to specify the new password, we're going to confirm it, and we're going to reset the password. Okay, so now we have a password for our user.

The next thing we're going to do is set up role mappings for the user. We're going to give them permissions. We're going to assign the user permission to this user. Click Assign Role and you see that the user is assigned. So our first user has been created and we have assigned roles to them.

Now what we have to do is register the applications that are going to be secured by this demo. To do that we need to go to the Applications link here on the left menu. Click Applications. Keycloak has some built-in applications, specifically the security admin console and some other things that you can view in our documentation, but what you're interested in here is the Add Application button. So we're going to click that and we're going to define our customer portal application. Okay, the name of our application will be customer portal. The next thing we have to do is decide the access type of the application. By default the access type of the application is confidential. This means that our application requires a client secret in order to obtain the token from the authentication server. That is the most secure way to deploy an application, so we'll keep that there.

We also are required to specify a redirect URI pattern. When a user requests a login to a specific application, after they log in they will be redirected back to a redirect URI that's specified by the application. Keycloak requires you to specify this particular URI. You can put in a relative URI if you want, and that's what we're going to do. This will be relative to the authentication server, because I actually have the customer portal deployed on this same machine. So: /customer-portal/*. Basically any URLs that follow this particular pattern will be allowed to redirect back to the actual application. Click Save here. I've got to click Add. Don't forget to click Add, and then click Save here.

Another thing I want to specify is the admin URL. This is a callback URL from the Keycloak auth server to the application when it wants to push information to that application. Some things that it might want to push: it might want to log out a specific user, might want to push a revocation policy, might want to get stats from the customer portal. Really, any administrative function will go through this particular URL. For JBoss deployments, for JBoss applications, you just need to specify the root URL of the application. Again, we can specify a relative URL or, if it's on another machine, specify the whole URL. Okay, I'll click Save.

Okay, the next thing we need to define is the product portal. We need to register that application, so we'll go back to the applications list and click the Add Application button. Let's specify product portal. It will also be confidential. We'll specify a fully qualified URL this time. It's important to put the wildcard there. You can have multiple URLs if you want; for instance, I could have another URL with a wildcard there. So you can have specific URLs or you can have wildcards there. We'll save that, specify the admin URL, and then we'll be done.

Okay, finally we have to define the database service. This service is a REST-only service, so what we'll have for the access type option is bearer-only. This means that it only accepts token authentication. Browsers will never visit this particular application. Click Save, and now we're all set up. Our realm is all set up within the Keycloak database, within the Keycloak server.

So what we're going to do now is go to part two of this particular tutorial, and in that part we will actually configure the actual applications so that they can be secured by the Keycloak authentication server. So go back to our documentation page on our website and click on the part two link. Thanks.
Info
Channel: Bill Burke
Views: 82,677
Rating: 4.90378 out of 5
Id: z-sUzl9eG6M
Length: 13min 55sec (835 seconds)
Published: Wed Sep 03 2014